Appscan Technology

Zyntax Web Application Security Scan

In addition to well-known Quality Management expertise in performance and functional testing, Zyntax consultants have significant experience in testing web-based applications for security vulnerabilities.

What is Web Application Security?

Web applications exist in many forms. Search engines, shopping carts, online banking, and social networking sites are all examples. Web applications are employed to carry out many mission-critical tasks, and if anything is certain, our reliance upon web applications will continue to grow. Web application security is simply the securing of web applications and their back-end systems.

Why is Web Application Security Important?

Web application breaches show no sign of slowing down, and securing web applications has become a top priority. For organizations with little or no security expertise in-house, but who recognize the need to address application security quickly, outsourcing vulnerability scanning and analysis is the quickest path to success.

Scan Preparation

Scanning & Verification

• Configure scan and create a custom test policy that is relevant for your application.

• Perform the automated scan with IBM Rational Appscan.

• Filter false positives and analyze the data to make sure you get the relevant information that you need.

Manual Testing

• If necessary, our consultant will run manual tests to enhance the findings identified. This will include exploitation of identified findings and producing examples to enhance reports.

• This may include running additional tools.

Reporting

• With the final results from the tests performed with Appscan, our consultant will conduct a Risk Analysis to ensure the issues found are rated appropriately.

• Zyntax will conduct a results review meeting with the client using Appscan and produce reports to highlight the relevant vulnerabilities and issues.

Follow Up

• Zyntax will save and store the results and Appscan configuration file for a potential future re-scan.

• Another service is our periodic vulnerability scan. With new vulnerabilities being identified all the time, the latest firewalls and Intrusion Detection Systems will not protect your organisation if they are not kept up to date and configured correctly. In addition to new vulnerabilities, any changes to your system's configuration may open up new paths. Being audited 'all safe' last week does not mean your systems are fine today. That is why we offer our periodic scan at an attractive rate.